As Some Are Requiring People To Give Up Their Info To Dine, Stories Of Creeps Abusing That Info Come Out

from the the-privacy-conundrum dept

I think many of us are going to avoid eating at sit-down restaurants for the foreseeable future, even if governments deem them to be "safe." However, I find it at least somewhat unnerving to see Governor Jay Inslee in Washington say that in order for a restaurant to offer dine-in services, it will need to keep a log of all diners for 30 days, including their telephone and email contact info.

Under Gov. Jay Inslee's new statewide orders, Washington restaurants that offer sit-down service will be required to create a daily log of all customers.

The restaurants must maintain that log for 30 days, including telephone and email contact information and the time they were in the restaurant. The state wants this information to facilitate any contact tracing that might need to occur.

I fully understand why this requirement is there. Since contact tracing is so important, it's much more difficult to do contact tracing in situations like these where there's no way to tell who else was in the same small space where a COVID-positive person dined. But... at the same time, it seems to raise a number of privacy questions.

When I tweeted about this, some pushed back and said it wasn't much different from ordering online or from an app (or even, potentially, paying with a credit card). All of those give up some level of privacy. Yet, as I've been saying for years, privacy is about trade-offs and a big part of that is understanding the benefits and the risks. And when we're ordering with an app or using a credit card, there are reasonable systems in place that make it unlikely that your info will be abused. These are not perfect, and there are some cases where there are risks. But, for most people, the "threat model" suggests it's not that risky.

Yet, it's unclear if that's the case with something like a "restaurant log," like the one that Washington State is requiring. As an example of why that might be problematic, we can just head down to New Zealand (which appears to have almost entirely contained COVID-19) to hear of a story about a restaurant worker using the contact tracing info a customer left to hit on her:

"I had to put my details on their contact tracing form which I didn't think anything of. It asked for my name, home address, email address and phone number so I put all those details down," she tells Newshub.

Except in Jess's case she didn't just take away a sandwich from the Subway restaurant she was at. She also got a Facebook request, Instagram request, Facebook messenger approach and a text from the guy who served her, using her contact tracing details.

"I felt pretty gross, he made me feel really uncomfortable," she says.

"He's contacting me, I didn't ask him to do that, I don't want that.

"I'm lucky that I live with quite a few people because if that was me by myself at home - he knows my address you know - I'd feel really, really scared. Even now I feel a bit creeped out and vulnerable."

The article does note that the Subway employee who did that digital stalking "has now been suspended" (is that New Zealand for fired?), but it can't make anyone very comfortable.

And that's a much bigger issue than just for that woman. If people are afraid that their private info can be misused, they're less likely to give it. In other words, the nature of the privacy trade-offs are vastly different than they might otherwise be. Not understanding that leads to bad results, and yet that seems to be what's happening in Washington.

After receiving some pushback, Inslee is now saying that the logs should only be kept for 14 days and that privacy "protocols" are developed. But that's the kind of thing that need to be built up initially, not after such a plan is announced:

“This is something that we have to make sure that we build protocols around privacy so that any of this information can only be used for this purpose, can be expunged after 14 days so that this is only a minor inconvenience. No one is looking to make this a federal crime. We’re trying to save some lives here,” Inslee added.

Again, he means well, and there's obvious value in contact tracing done correctly. But you can't ignore the privacy issues, and you can't tack them on after things are already messed up. Any system needs to develop the concept with privacy built in from the very start -- and there's no indication that Washington state has done so.

Update: Late this evening Governor Inslee announced that this would no longer be a requirement, though suggested that restaurants set up a voluntary system. It appears he listened to some of the criticism.

Filed Under: contact tracing, dining, pandemic, privacy, restaurants, tradeoffs, washington


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    That Anonymous Coward (profile), 15 May 2020 @ 1:40pm

    Humanity unable to learn simple lessons.

    No one would ever do THAT so don't worry about it.
    someone does THAT
    No one could have foreseen this coming.

    Lather rinse repeat.

    reply to this | link to this | view in chronology ]

  • identicon
    Agammamon, 15 May 2020 @ 1:44pm

    Why . . . why would you ever give them your real telephone number and contact info?

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 15 May 2020 @ 2:37pm

      Re: use phony personal info

      good point. That's the proper response to this phony, illegal "government requirement"

      Note carefully that this is government politicians demanding restaurant patrons "register" their personal identity to eat -- it ain't the restaurant owners forcing this.

      Under American constitutional law, nobody in government has authority to order anybody to "register" themselves just to conduct routine retail transactions -- under any circumstances.

      This is a fundamental, formal legal issue -- not some casual personal privacy issue.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 15 May 2020 @ 4:19pm

        Re: Re: use phony personal info

        Under American constitutional law, nobody in government has authority to order anybody to "register" themselves just to conduct routine retail transactions -- under any circumstances.

        Right. Just like sales of cars and guns, to pick just two examples.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 15 May 2020 @ 6:15pm

          Re: Re: Re: use phony personal info

          car registration is not a sales transaction requirement, but a seperate requirement if the vehicle is used on public roads

          gun registration is directly prohibited by the 2nd Amendment, if one is fussy about that rule of law stuff.

          reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 15 May 2020 @ 6:23pm

          Re: Re: Re: use phony personal info

          Exactly. You can buy a car without registering it. However, the circumstances under which you can legally operate it without registering it are so narrow as to preclude most practical purposes.

          In some states, you can buy a gun without registering it. The background check process is not a registration, and officially does not contribute to a master list of gun owners. (Whether such a list is unofficially created by excessive retention of records of the background checks is another matter, but the law does not call for the Federal government to create such a list.) In some circumstances, you can lawfully avoid undergoing a background check at the point of sale. For example, a person who possesses a valid Concealed Handgun License can present that in lieu of a background check, since acquiring the CHL requires a successful background check. While this does not avoid being subject to a background check, it does divorce the background check from the purchase of the firearm. For this reason, Federal Firearm License holders generally like CHL holders, because it reduces the amount of bureaucracy that the FFL must handle.

          reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 15 May 2020 @ 6:41pm

          Re: Re: Re: use phony personal info

          yeah, but unfortunately very few governments in this country pay any attention to that "shall not be infringed" part. <insert plug for GOA here>

          reply to this | link to this | view in chronology ]

        • identicon
          Agammamon, 15 May 2020 @ 10:55pm

          Re: Re: Re: use phony personal info

          You don't 'register' the sale of a car. You register the transfer of a title. Its a very different thing and transferring the title isn't strictly necessary.

          As for guns - where do you register them at? That isn't done where I live.

          reply to this | link to this | view in chronology ]

          • icon
            NoahVail (profile), 17 May 2020 @ 10:34am

            Re: Re: Re: Re: use phony personal info

            You don't 'register' the sale of a car.

            We're required to title a car & pay the sales tax w/i 30 days of purchase. I bought an antique a year ago & haven't titled it yet. I'll have a small fine to pay when I do.

            reply to this | link to this | view in chronology ]

        • identicon
          dr evil, 18 May 2020 @ 12:19am

          Re: Re: Re: use phony personal info

          both of which I have bought in bulk without registering.

          reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 15 May 2020 @ 7:11pm

        Re: Re: use phony personal info

        Also have one of these infrared license plate frames that make your plates invisible to any surveillance cameras.

        You would have to drive with your headlights on at all times, and keep your parking lights on, when parked, since they share a power sources with your license plate lights, but it would prevent surveillance cameras and/or ALPR cameras from seeing your license number to avoid being traced that way

        The light from the concealed infrared LEDs would be invisible to the human eye, so no LEOs would ever know you were using one.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 15 May 2020 @ 9:02pm

          Re: Re: Re: use phony personal info

          except cops driving around with ALPR

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 17 May 2020 @ 11:35am

            Re: Re: Re: Re: use phony personal info

            I
            Using infra red anti camera devices is not illegal at this time

            Because unlike to play my stereo om.the loud side I have used them to avoid camera tickets for loud car stereo

            I have been flashed at red light cameras when the light is grewn but have never had a ticket for loud stereo because I have tendered my plates invisible to camera

            Unlike most loud car stereos i dont have that annoying bass so am.nowheres near as annoying as other stereos

            reply to this | link to this | view in chronology ]

        • identicon
          Agammamon, 15 May 2020 @ 10:56pm

          Re: Re: Re: use phony personal info

          Well, except for the cops with a FLIR.

          And that they don't really work.

          reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 16 May 2020 @ 4:30am

          Re: Re: Re: use phony personal info

          Do you also buy tiger repelling rocks?

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 16 May 2020 @ 10:01am

            Re: Re: Re: Re: use phony personal info

            Do you also buy tiger repelling rocks?

            No, they're too heavy. I much prefer a tiger repelling stick, which is more portable.

            reply to this | link to this | view in chronology ]

  • identicon
    Agammamon, 15 May 2020 @ 1:47pm

    “This is something that we have to make sure that we build protocols around privacy so that any of this information can only be used for this purpose, can be expunged after 14 days so that this is only a minor inconvenience.

    But . . . but that doesn't change anything. You're still requiring people to give information to other people who have not been vetted for safety. That its destroyed in 14 days doesn't stop the Subway employee who wrote it down from immediately copying it for their personal use.

    Even then - mandating without any means set up to monitor compliance means your mandate is unenforceable.

    reply to this | link to this | view in chronology ]

  • identicon
    Agammamon, 15 May 2020 @ 1:49pm

    Again, he means well,

    Who cares. That's not a justification nor an excuse.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 15 May 2020 @ 1:57pm

    Why would this info ever be handled by or accessible to another human aside from the health department in a CoV2-tracing incident? Writing this on paper? Where employees or anyone with the daring or skill to snag the logs can have it?

    Pure idiocy.

    reply to this | link to this | view in chronology ]

    • icon
      Anonymous Anonymous Coward (profile), 15 May 2020 @ 2:19pm

      Re:

      I wonder how they will handle people who lie? I don't have a phone, so the number they get will be the same as I give my bank and Amazon and anyone else who ridiculously require a phone number for any reason. 1-800-555-1212, and I have a feeling I am not the only one.

      Any email or street address would have the same veracity. Then, what are they gonna do? Wait outside to see if I show up again? Take some LEO's off a murder or robbery investigation to track me down? Then what, charge me with giving a restaurant false information? I only use cash in restaurants, so there will be no electronic transaction to trace.

      The order charges the restaurant with collecting information, it doesn't say anything about the customers responsibilities.

      Now, I should note that I understand and appreciate the purpose of the order the choice remains, either support restaurants that I like and lie to them, or don't support restaurants that I like. Giving up privacy any more than I have to isn't in the cards.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 15 May 2020 @ 6:55pm

        Re: Re:

        You can always use one of these free Internet phone apps. There is one where you get a number free for 30 days, and then it dissappears, then you gotta get a new number from them.

        When that number dissappears, they no longer have a way to trace you, if you use a VPN when singing up for your 1 month free disposable number. All they will have is the IP address of the VPN, making you untraceable.

        reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 16 May 2020 @ 7:52pm

        Re: Re:

        the number they get will be ... 1-800-555-1212

        Too obvious. If you're going to be giving fake numbers in person, go with an internal telco test number in the local area code. Most people won't recognize 958/959 numbers.

        reply to this | link to this | view in chronology ]

      • icon
        Atkray (profile), 17 May 2020 @ 12:20am

        Re: Re:

        My go to responseis:

        My name is Jenny.

        800-867-5309

        reply to this | link to this | view in chronology ]

        • icon
          Ehud Gavron (profile), 17 May 2020 @ 1:17am

          Re: Re: Re:

          That's so clever, because everyone knows that number.

          I use (911)911-1911. Because they autodial it and then they have to deal with the PSAP.

          What's a PSAP? No worries, if you're smart enough to google Jennie's number, you can google what happens when you dial this number.

          reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 15 May 2020 @ 4:32pm

      Re:

      Resturants may or may not a computer system for that so paper may show up. But the real reason is because they can't organize their way out of a paper bag and it shows in their response to the crisis. They could probably have one person set up an app, program, or website with a login using the resturant's index numbers from the Health Department or similiar to organize in the months a lockdown was under effect but they didn't.

      reply to this | link to this | view in chronology ]

    • identicon
      Agammamon, 15 May 2020 @ 10:58pm

      Re:

      How else are you going to implement it?

      An electronic system that requires you to write code, obtain hardware, issue the hardware, train people to operate it - that'll be online somewhere around 2030.

      And even then - the guy entering your information into his terminal just needs to remember it long enough to get back to the counter to copy it down.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 16 May 2020 @ 7:55pm

      Re:

      Writing this on paper? Where employees or anyone with the daring or skill to snag the logs can have it?

      Restaurants do have a system for securing small pieces of paper (i.e., cash). Paper cards deposited to a time-locked safe would almost certainly be more secure than whatever rushed low-budget paperless system they might buy.

      reply to this | link to this | view in chronology ]

  • identicon
    Christenson, 15 May 2020 @ 2:13pm

    Ready...FIRE!...Aim

    Seems to me the correct thing would be to write down the first names of the people dining with whomever paid the bill on the credit card receipt.

    Then, contact tracing? Call the credit card company, get the phone number (all that's needed for most of us). The receipts are already kept for some interval in case a charge is challenged.

    reply to this | link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    identicon
    Anonymous Coward, 15 May 2020 @ 2:21pm

    Nobody gives a fuck.

    reply to this | link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    identicon
    Anonymous Coward, 15 May 2020 @ 2:25pm

    Fuck this shitty website.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 15 May 2020 @ 2:57pm

    The article does note that the Subway employee who did that digital stalking "has now been suspended" (is that New Zealand for fired?)

    It's what happens in areas without at-will employment. A process must be followed. They'll have to hear the employee's side, but unless the customer's story was fabricated, it shouldn't be hard to fire them for serious misconduct: "The key question to ask is if the misconduct undermines or destroys the trust and confidence an employer has placed in the employee."

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 15 May 2020 @ 9:05pm

      Re:

      Never mind the suspension, how is the law not involved?

      reply to this | link to this | view in chronology ]

      • identicon
        Agammamon, 15 May 2020 @ 11:00pm

        Re: Re:

        Its not illegal to cold-call someone. Even if it makes that person uncomfortable.

        reply to this | link to this | view in chronology ]

      • identicon
        Jamie, 16 May 2020 @ 2:41pm

        Re: Re:

        NZ privacy laws apply to organizations, not individuals. (I believe the same applies to the GDPR and CCPA.)

        Let's assume that the accusations are true, which is probably the case.

        The employee will currently be on administrative leave (likely without wages) while the investigation takes place. They'll be fired for gross misconduct and will be ineligible for a benefit for up to 3 months. They likely won't find much work for a while, except maybe some minimum wage manual labour.

        The Subway franchise store will be investigated by the NZ Privacy Commissioner. The owner and managers likely gave little or no training on privacy, assuming common sense would prevail, which is insufficient under the law. The business will receive a fine that's big enough to hurt but not enough to kill it. The owner will probably go after the employee to recover some of this cost.

        Even though the employee isn't liable for criminal charges, they'll feel the consequences here for some time to come.

        reply to this | link to this | view in chronology ]

  • identicon
    Space Force Super Duper Missle, 15 May 2020 @ 3:12pm

    Might this be related to the requirement to show id when grocery shopping.

    /lol

    reply to this | link to this | view in chronology ]

  • identicon
    Benjamin Franklin, 15 May 2020 @ 4:00pm

    Privacy conscious people are being taught to lie

    Pay with cash. If asked for more info, make something up.

    reply to this | link to this | view in chronology ]

  • icon
    Coyne Tibbets (profile), 15 May 2020 @ 4:38pm

    ...we have to make sure that we build protocols around privacy...

    Yeah, in the meantime, the barn doors are flapping in the wind and the horses are long gone.

    Who made it a rule that (security / privacy) must be afterthoughts?

    reply to this | link to this | view in chronology ]

  • icon
    Upstream (profile), 15 May 2020 @ 4:48pm

    Restaurant -> Third Party Doctrine -> Government

    If our government had a history of openness, honesty, integrity and respect for the privacy of it's citizens, then people might accept the idea of contact tracers, or contact tracing in general. Unfortunately, this is not the case. Our government has a nearly unblemished record of obfuscation, dishonesty, corruption, and lack of respect for any of it's citizens rights. So, naturally, people are quite resistant to the idea of contact tracers, or giving information to restaurants. It is unfortunate that our government has such a track record of untrustworthiness, but it can blame no one but itself. Now, in this pandemic, this unfortunate history is coming back to haunt us all. Contact tracing could be very useful in limiting the spread of the SARSCOV-2 virus, if the government could be trusted to do it right, but it can't. And, thanks to the misbegotten "third party doctrine" we cannot trust anyone else to do contact tracing either, because any information provided to even an honest third party is available to a dishonest and corrupt government. If some government "cootie cop" asks me anything, I will tell them right where they can get off (and in no uncertain terms).

    reply to this | link to this | view in chronology ]

  • identicon
    Glenn, 15 May 2020 @ 5:09pm

    If someone abusing a system [of any type] were to be used as the reason to eliminate a system, then we wouldn't have any systems at all.

    reply to this | link to this | view in chronology ]

  • icon
    tom (profile), 15 May 2020 @ 5:23pm

    Giving out an address in a public place where someone can overhear and knows that you are likely to be there for a hour or so is just begging for your house to be robbed while you are enjoying your meal. Could even be one of the employees phoning associates who do the crime.

    If the place insists, you could just provide the name, home address and office phone number of the mayor or governor that issued the order. Plus pay with cash.

    reply to this | link to this | view in chronology ]

    • identicon
      Agammamon, 15 May 2020 @ 11:03pm

      Re:

      Giving out an address in a public place where someone can overhear and knows that you are likely to be there for a hour or so is just begging for your house to be robbed while you are enjoying your meal.

      You must never leave your house. If you think that a burglar is waiting in a restaurant for someone to come by and let out and address that is close enough by for his compatriots to run over and burgle . . . look, these guys aren't that organized.

      reply to this | link to this | view in chronology ]

      • icon
        tom (profile), 16 May 2020 @ 1:28pm

        Re: Re:

        Get out a lot. Just don't advertise that there is a house that won't have anyone home for a while.

        If your security policy is counting on stupid or un-organized criminals, I hope you have good insurance.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 15 May 2020 @ 6:48pm

    Anyone not living in the USA, say USA/Canada dual nationals, would be impossible to contact. The State of Washington has no jurisidiction in Canada

    The one exception to border closures would be, say, Canadians entering Canada on a Canadian passport. Canadian citizens have right of entry, which is why Canadians can cross into Canada and Americans can cross into the uSA

    USA/Canada duals, and they are a lot of them, would be beyond the reach of the State Of Washington, when they are in Canada.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 15 May 2020 @ 9:10pm

      Re:

      Are you saying that Washington can't contact Canada and ask them to warn their potentially exposed citizens? Are you implying it is a bad idea?

      reply to this | link to this | view in chronology ]

  • icon
    Ehud Gavron (profile), 16 May 2020 @ 1:06am

    Gunzezez

    In the US prior to the magical date of 9-11 the purchase of a weapon from a store required filling out a form. The form stayed at the store. When LEOs wanted to take a weapon recovered from a crime scene and trace it back to owners they'd have to backtrace it based on S/N to the store... then get the store to pull up that paper record.

    There was no way to list "weapons owned by Mr. X" only backtrace a specific S/N of a weapon to Mr. X once the S/N was known.

    This idea of "keep track of everyone who eats here... when... where... who with..." is anathematic to that. It wouldn't be harmful, much like an online order, if all diners signed off on a credit card slip and listed other diners. THEN if the LEOs want that... they have to go to the restaurant to get it, not build a magic online database of who ate with whom.

    Note: Nothing in the governor's original orders NOR in his modified orders suggests keeping track of who wore masks, gloves, etc., essentially treating everyone as infection monsters... whether we're sneezing, coughing, covered, uncovered, gloved, or clear.

    Trump is an idiot. So is the governor of Washington. What can you do?

    E

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 16 May 2020 @ 4:48pm

    Simple method.

    1. Have customer fill out contact form.
    2. Put form into envelope.
    3. Seal envelope. Mark date and time on envelope.
    4. After specified time goes by, destroy envelope and contents.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 16 May 2020 @ 5:53pm

    1. No simple method survives contact with the enemy.
    2. The enemy is human stupidity and venality, which is more prevalent (and less easily detectable) than coronavirus.

    Your libidinous waiter can simply tear open the envelope, read the stalkee's information, and seal it into a second envelope. Who's going to know the signature is employee's, rather than patron's, until the waiter goes off shift and on phone?

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 17 May 2020 @ 7:49am

      Re:

      Your libidinous waiter can simply tear open the envelope, read the stalkee's information, and seal it into a second envelope.

      Doesn't mean there's no value to it. A postal worker could do the same, and people build fences that are easily defeatable by ladders or wire cutters; nevertheless, most people have some psychological resistance to breaching an overt security barrier like that.

      reply to this | link to this | view in chronology ]

  • icon
    Ehud Gavron (profile), 17 May 2020 @ 1:24am

    Re: Covid influence our daily life behavior

    Thanks. I needed something like this. I'm going to go buy auto bearings from your illiterate spam with the bad links right now.

    reply to this | link to this | view in chronology ]

  • identicon
    dr evil, 18 May 2020 @ 7:59pm

    dont worry, we are the government and we are here to help

    your privacy is important to us. <snicker> <guffaw>
    imagine when you have a peaceful, prosperous society, and immigrants come and breed you out and bring in more immigrants. they bring you disease. they disarm you. they make you stay home. maybe give you a little welfare to keep you calm, but you are not in critical jobs so you will never be allowed out. ... here, have some alcohol. now, enough about the native americans...

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.